Add explicit checks for CONFIG_MODULES and CONFIG_DEVMEM

I like this hack. Now the script recommends to disable modules and devmem OR harden them at least.

Add explicit checks for CONFIG_MODULES and CONFIG_DEVMEM
I like this hack. Now the script recommends to disable modules and devmem OR harden them at least.
30b0806b · Alexander Popov · dfa4ccc7 · 30b0806b
Commit 30b0806b authored Mar 11, 2019 by Alexander Popov
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

kconfig-hardened-check.py kconfig-hardened-check.py +2 -0

No files found.
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -231,6 +231,8 @@ def construct_checklist(arch):
        checklist.append(OR(OptCheck('STRICT_DEVMEM',     'y', 'defconfig', 'cut_attack_surface'), \
                            devmem_not_set)) # refers to LOCK_DOWN_KERNEL

+    checklist.append(modules_not_set)
+    checklist.append(devmem_not_set)
    checklist.append(OR(OptCheck('IO_STRICT_DEVMEM',  'y', 'kspp', 'cut_attack_surface'), \
                        devmem_not_set)) # refers to LOCK_DOWN_KERNEL
    if debug_mode or arch == 'ARM':